Harvard University “discovered an intrusion on the Faculty of Arts and Sciences and Central Administration information technology networks” June 19, said Provost Alan Garber and Executive Vice President Katie Lapp in a joint statement Wednesday. “Since discovering this intrusion, Harvard has been working with external information security experts and federal law enforcement to investigate the incident, protect the information stored on our systems, and strengthen IT environments across the University,” the statement said. Garber and Lapp said there's no indication now that personal data, research data or PIN system credentials were compromised but said Harvard login credentials may have been used to access individual computers, and university email accounts “have been exposed.” To further secure data, the university is requiring those who are part of the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study or Central Administration to change the password associated with their Harvard account. Those who are part of the Graduate School of Design, Graduate School of Education, School of Engineering and Applied Sciences, or School of Public Health are required to change their email password. “Password changes will be required again at a later time,” the statement said. Those who are part of the business, Kennedy, law, medical or dental schools “do not need to take any action at this time,” the statement said.
“Universal strong encryption will protect all of us -- our innovation, our private thoughts, and so many other things of value -- from thieves of all kinds,” but there also are many costs associated with the use of encryption, FBI Director James Comey wrote in a post for the Lawfare blog on Monday. “Public safety in the United States has relied for a couple centuries on the ability of the government, with predication, to obtain permission from a court to access the ‘papers and effects’ and communications of Americans,” Comey wrote. When the government can no longer see an individual’s communications, while respecting Fourth Amendment rights, public safety is affected, he said. The Islamic State group in Syria is recruiting and “tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment,” he said. It’s not just the Islamic State, but criminal actors throughout the U.S. and world “can communicate with impunity in a world of universal strong encryption,” he said. The American people will decide if the public safety benefits outweigh the privacy costs of universal strong encryption, but from his perspective, Comey said, strong encryption “will inexorably affect my ability” to keep people safe.
Ten of the top 20 fastest broadband regions in the world are in the U.S., said a recent report from Akamai, according to an analysis of the data from NCTA. Delaware, Washington, D.C., and Virginia come in at three, four and five on the list with average peak connection speeds of 85.6, 79.2 and 79 Mbps respectively. Singapore is No. 1 with 98.5 Mbps. Maryland and California are 19 and 20 on the list with average peak connection speeds of 64.4 and 64.3 Mbps, NCTA said. The rankings are reflective of infrastructure and technology, as well as basic geography, it said. Each of the nations at the top of the list is small and densely populated while many of the U.S. states on the list share similar geography, the analysis from NCTA said.
Cybersecurity firm Kaspersky Lab coined the term “digital amnesia” to describe the phenomenon of forgetting information that Americans trust a digital device to store and remember for them, the company said Wednesday in a report. That the phenomenon is so prevalent points up the need for Americans to adequately protect their devices with “readily available IT security products,” but protection of the sort that Kaspersky and others sell is lacking, the report said. Kaspersky canvassed 1,000 U.S. consumers aged 16 to 55 online in May and found that 91 percent “can easily admit their dependency on the Internet and devices as a tool for remembering and an extension of their brain,” it said. And 44 percent said their smartphone holds almost everything they need to know or recall. “Not surprisingly, the study also found that the loss or compromise of data stored on digital devices, and smartphones in particular, would leave many users devastated,” the company said. But in the study, 28 percent admitted they don’t protect any of their devices with “additional security,” it said. The firm said it found just one in three installs extra IT security on a smartphone, one in five on a tablet.
U.N. member states began meetings Wednesday in New York on preparations for the U.N.’s Dec. 15-16 meeting on outcomes of the past 10 years of implementation of the World Summit on the Information Society. The December meeting “will take stock of the progress made in the implementation of WSIS outcomes and to address potential information and communications technology gaps and areas for continued focus, as well as challenges, including bridging the digital divide and harnessing ICTs for development,” the U.N. said in a news release. Preparatory meetings Wednesday and Thursday were meant to consult with “relevant” WSIS stakeholders and determine areas where further focus is needed, the U.N. said.
ICANN Vice President-Domain Names Services & Industry Cyrus Namazi acknowledged the presence of ongoing campaigns against controversial portions of an initial report by the Generic Names Supporting Organization’s Policy Development Process Working Group on Privacy & Proxy Services Accreditation Issues (PPSAI). Privacy advocates are urging Internet users to file comments opposing a portion of the PPSAI report that explores whether to recommend that ICANN bar owners of domain names that point to commercial websites from using privacy and proxy services’ information on the WHOIS registration database. Privacy advocates are also opposing a portion of the PPSAI report that explores whether to require registrars to release domain name owners’ information for websites without a court order when a website violates IP rights, distributes malware or engages in illegal activities (see 1507010065). “The debate will continue until the report is final, and we encourage any and all to voice their opinion,” Namazi said in a statement Wednesday. “This type of discourse is a critical element of the multistakeholder model.”
“Don’t send verification codes to anyone via text or email,” wrote Kristin Cohen, chief of the FTC's Office of Technology Research and Investigation, in a blog post Wednesday. Verification codes should be used only on the login page, Cohen said. Individuals who get a verification code they didn’t request should tell the provider, she said, because it could be a sign someone is tampering with the account. It’s possible a hacker with an individual’s email address and mobile number can pretend to be an individual’s email provider and send a text asking for a verification code to unlock the email account, Cohen said. The hacker can learn a lot of information looking through an email account or change email settings so emails are forwarded directly to the hacker, she said.
Email phishing campaigns appearing to be from the Office of Personnel Management and the identity protection firm CSID increased after last month's announcement that OPM suffered breaches, said the U.S. Computer Emergency Readiness Team (U.S.-CERT) in an alert Tuesday. “For those affected by the recent data breach, the legitimate domain used for accessing identity protection services is https://opm.csid.com.” Users should visit the OPM website for more information and report suspicious emails to U.S.-CERT, it said.
After reports that the intelligence community was resistant to integrating its systems with those operated by the Office of Personnel Management (OPM) due to security concerns before the recent breaches at OPM occurred, Brookings Institution Senior Fellow in Government Studies Benjamin Wittes questioned in a blog post Tuesday why “nobody in the intelligence community bothered, it seems, to help secure OPM’s systems.” If the Director of National Intelligence’s office thought the data OPM managed wasn't secure, why not secure those systems, Wittes asked. Though he said OPM isn’t without fault, “identifying intelligence targets in the federal government and securing them against professional intelligence adversaries is really the job of others in the federal government, and at least some of those others had their eyes on this problem,” he said. “The more I think about it, the less I think it makes sense to blame OPM for the failure here, and the more I think the intelligence community itself must take responsibility for it -- particularly for any portions of the breach or breaches that involve data for security clearance background checks,” Wittes said. The Office of the DNI didn't comment.
CEA and LonMark International set two standards for home and building automation. The standards give multiple parties -- users, developers, vendors, integrators and specifiers of open building control systems -- a way to develop and deliver a higher level of device-to-device interoperability using any open control networking communication platform, said CEA in a Monday news release. The intent of the standards is “to offer to the market a very proven, well adopted approach to solving the Internet of Things (IoT) interoperability issue,” said Ron Bernstein, LonMark chief ambassador. The library of device profiles includes definitions for HVAC, lighting, security, access, metering, energy management, fire and smoke control, gateways, room automation, renewable energy, utility, transportation and home and appliances.